VMA实战操练
在上篇文章根据crash学习用户空间程序内存布局涉及到了VMA的相关操作,本节通过一个简单的实例来深刻的学习下VMA是什么,以及VMA是如何组织的。
先来看下VMA的结构体
struct vm_area_struct {
/* The first cache line has the info for VMA tree walking. */
unsigned long vm_start; /* Our start address within vm_mm. */
unsigned long vm_end; /* The first byte after our end address
within vm_mm. */
/* linked list of VM areas per task, sorted by address */
struct vm_area_struct *vm_next, *vm_prev;
struct rb_node vm_rb;
/* Second cache line starts here. */
struct mm_struct *vm_mm; /* The address space we belong to. */
pgprot_t vm_page_prot; /* Access permissions of this VMA. */
unsigned long vm_flags; /* Flags, see mm.h. */
/*
* For areas with an address space and backing store,
* linkage into the address_space->i_mmap interval tree.
*
* For private anonymous mappings, a pointer to a null terminated string
* in the user process containing the name given to the vma, or NULL
* if unnamed.
*/
union {
struct {
struct rb_node rb;
unsigned long rb_subtree_last;
} shared;
const char __user *anon_name;
};
} ;- vma_start代表的是此vma的开始地址
- vma_end代表的是此vma的结束地址
- 因为vma会通过双向链表链接在一起的,所以会存在vm_next和vm_prev指针
- 同时为了查找方便,vma也通过红黑树组织在一起,vm_rb则是vma的红黑树节点
- vm_mm就是此vma所属的mm_struct结构
- vm_page_prot意思是此vma所对应的权限,是否可读可写可执行等
我们还是借用这张图,可以看到task_struct中的mm_struct中会存在mmap和mmap_rb成员。
struct mm_struct {
struct {
struct vm_area_struct *mmap; /* list of VMAs */
struct rb_root mm_rb;
u64 vmacache_seqnum; /* per-thread vmacache */
......了解了VMA的组织数据后,我们还是通过昨天的例子来通过驱动模块来获取VMA各个段的信息
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/sched.h>
#include <linux/sched/signal.h>
#include <linux/mm.h>
static int mpid=1;
static void print_vma(struct task_struct *task)
{
struct mm_struct *mm;
struct vm_area_struct *vma;
int count=0;
mm = task->mm;
printk("This mm_struct has %d vma\n", mm->map_count);
for(vma = mm->mmap; vma; vma=vma->vm_next){
printk("vma number %d: \n", ++count);
printk("Start address 0x%lx, End address 0x%lx\n", vma->vm_start, vma->vm_end);
}
printk("Code segment start=0x%lx, end=0x%lx\n"
"Data Segment start=0x%lx, end=0x%lx\n"
"Stack segment start=0x%lx\n",
mm->start_code, mm->end_code, mm->start_data, mm->end_data, mm->start_stack);
}
static int vma_start()
{
struct task_struct *task;
printk("Got the process id =%d\n", mpid);
for_each_process(task) {
if(task->pid == mpid){
printk("%s[%d]\n", task->comm, task->pid);
print_vma(task);
}
}
return 0;
}
static void vma_exit()
{
printk("print segment info module exit!\n");
}
module_init(vma_start);
module_exit(vma_exit);
module_param(mpid, int, 0);我们通过获取应用程序的pid,然后通过模块参数传递到驱动模块中,匹配到相同的pid,则将此进程的名字(comm字段),PID(pid)字段打印出来。同时获取当前进程有多少个vma,打印各个vma的开始地址和结束地址。
通过maps命令获取进程的各个vma信息
root:/data # cat /proc/4766/maps
00400000-0047c000 r-xp 00000000 103:23 6918 /data/vma
0048b000-0048e000 rw-p 0007b000 103:23 6918 /data/vma
0048e000-0048f000 rw-p 00000000 00:00 0
38382000-383a4000 rw-p 00000000 00:00 0 [heap]
78941af000-78941fb000 rw-p 00000000 00:00 0
78941fb000-78941fc000 r--p 00000000 00:00 0 [vvar]
78941fc000-78941fd000 r-xp 00000000 00:00 0 [vdso]
7fc0ed3000-7fc0f9d000 rw-p 00000000 00:00 0 [stack]再看看我们的驱动程序的打印信息
[ 2432.979096] Got the process id =4766
[ 2432.979495] vma[4766]
[ 2432.979500] This mm_struct has 8 vma
[ 2432.979504] vma number 1:
[ 2432.979508] Start address 0x400000, End address 0x47c000
[ 2432.979511] vma number 2:
[ 2432.979515] Start address 0x48b000, End address 0x48e000
[ 2432.979518] vma number 3:
[ 2432.979522] Start address 0x48e000, End address 0x48f000
[ 2432.979525] vma number 4:
[ 2432.979529] Start address 0x38382000, End address 0x383a4000
[ 2432.979532] vma number 5:
[ 2432.979536] Start address 0x78941af000, End address 0x78941fb000
[ 2432.979539] vma number 6:
[ 2432.979543] Start address 0x78941fb000, End address 0x78941fc000
[ 2432.979547] vma number 7:
[ 2432.979551] Start address 0x78941fc000, End address 0x78941fd000
[ 2432.979554] vma number 8:
[ 2432.979558] Start address 0x7fc0ed3000, End address 0x7fc0f9d000
[ 2432.979564] Code segment start=0x400000, end=0x47b76f
Data Segment start=0x48b770, end=0x48d348
Stack segment start=0x7fc0f9ba00通过这个例子我们就清晰的了解到各个vma是用来描述各个段的,各个段的信息通过vm_area_struct结构有详细的描述。而且各个vma都是通过双链表链接在一起的。链表的主要作用是方便删除增加;另外一种红黑树组织方式是为了查找方便的。
本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读